httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <>
Subject Re: [users@httpd] filesmatch suspends AccessFileName?
Date Fri, 05 Apr 2013 12:29:21 GMT
> The regex in filesmatch Directive is quite useless but this leads to the
> problem that .htaccess file can called by http in browser and shows all of
> its contents.
> Seems to me quite simple for a user to disclose his .htaccess contents by
> simple filesmatch directive which suddenly ignores AccessFileName directive.
> Is this a bug or expected?

I have the following in the httpd.conf:

# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All

Don't you have something similar?

View raw message